Master’s Capstone: PAMEx

05/05/2023

PAMEx: A Compiler and Tools to Support a More Flexible Security Policy for Simpleflow

 

The Beginning of My Capstone Journey:

One of the requirements for the completion of my master's of software engineering degree was to create a capstone project. At this point, I had already taken classes in cybersecurity and was on track to get an emphasis on it, and with this background, I decided that I wanted to complete a capstone that further reflected my interest in cybersecurity. I worked with Dr. W. M. Petullo as my advisor to devise and complete this project.

 

The Proposal:

Creating the capstone proposal for PAMEx was a meticulous process that required thorough research and planning. I delved deep into researching Linux security modules to gain a comprehensive understanding of the project's requirements and potential challenges. I then drafted a detailed description of PAMEx, outlining its core features and functionalities. 

To ensure the viability and academic merit of PAMEx, I presented the capstone proposal to a board of professors. Once approved, I began to work on the project.

 

What is PAMEx?:

PAMEx at its core is a Linux security tool suite that allows a privileged administrative user to define security clearances for files and users using a custom language. The administrator may define one or more hierarchical levels and zero or more non-hierarchical labels with which to label both files and users. This clearance structure was modeled after the United States file classification system -- a tried, tested, and true method. The idea is that a user who has been given the uppermost security clearance level in PAMEx will have the level clearance that they need to access any file on the system. However, the user also requires the same labels that the file possesses in order to actually access the file.
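
The access rule described above can be sketched in C as follows. This is an added example, not code from PAMEx; the level and label names and the `level:label,label` string format are assumptions made for illustration.

```c
/* Added example, not PAMEx source. Policy names and the
 * "level:label,label" string format are assumptions. */
#include <stdio.h>
#include <string.h>

/* Hypothetical policy: levels in ascending order, labels unordered. */
static const char *LEVELS[] = {"unclassified", "confidential", "secret", "topsecret"};
static const char *LABELS[] = {"crypto", "nuclear", "payroll"};
#define N(a) ((int)(sizeof(a) / sizeof((a)[0])))

struct clearance { int level; unsigned labels; };

/* Index of the name s[0..len) in tab, or -1 if it is not defined. */
static int lookup(const char *const *tab, int n, const char *s, size_t len) {
    for (int i = 0; i < n; i++)
        if (strlen(tab[i]) == len && memcmp(tab[i], s, len) == 0)
            return i;
    return -1;
}

/* Parse "level" or "level:label,label"; -1 on any unknown or empty name. */
int parse_clearance(const char *s, struct clearance *out) {
    size_t n = strcspn(s, ":");
    out->labels = 0;
    if ((out->level = lookup(LEVELS, N(LEVELS), s, n)) < 0)
        return -1;
    for (s += n; *s != '\0'; s += n) {
        s++;                                /* skip ':' or ',' */
        n = strcspn(s, ",");
        int bit = lookup(LABELS, N(LABELS), s, n);
        if (bit < 0) return -1;
        out->labels |= 1u << bit;           /* one bit per label */
    }
    return 0;
}

/* Allow only if user level >= file level AND the user holds every
 * label on the file. Any parse error denies access (fail closed). */
int may_access(const char *user, const char *file) {
    struct clearance u, f;
    if (parse_clearance(user, &u) != 0 || parse_clearance(file, &f) != 0)
        return 0;
    return u.level >= f.level && (f.labels & ~u.labels) == 0;
}

int main(void) {
    printf("%d\n", may_access("topsecret", "secret:crypto"));
    printf("%d\n", may_access("topsecret:crypto", "secret:crypto"));
    return 0;
}
```

The first call in `main` is the case the paragraph calls out: the highest level alone is not enough when the file carries a label the user lacks.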

PAMEx was developed using a modified Agile approach and the Scrum framework. As I was a one-man development team with the help of my advisor, there were some modifications and liberties that had to be made in order for the Scrum process to work. The project was created in a total of two semesters and consists of a custom-made compiler, a custom PAM module, an extended attribute modification tool, and a manuscript of the process of the creation of PAMEx.  


 

Completion:

The working iteration of PAMEx was then presented and demonstrated to a board of professors where it was ultimately approved for its academic merit.

While the bones of PAMEx are solid, it is a complex system that still contains a few known bugs. Therefore, as a side project, I will continue to make bug fixes and enhancements to PAMEx.
